It provides a policy-based approach for
application-behavior enforcement intended to help prevent malicious
activities. Pre-built security profiles for commonly used applications, such
as OpenSSH, DHCP, Samba, Sendmail and MySQL, as well a wizard driven
interface to create new policies, are all part of AppArmor.

SELinux offers a similar approach to AppArmor in that it
defines access controls for application security. Both applications utilize
the Linux Security Modules (LSM) framework,which provides security hooks for
operational control of certain Linux kernel objects.

Novell spokesperson Kevan Barney explained that among the reasons why
AppArmor is now being open sourced is the fact that "the need is now."

"As hackers get better at attacking systems through vulnerable
applications, application security has increased in importance," Barney told
internetnews.com. "Our customers are looking for ways to implement this
across their enterprise networks."

"AppArmor provides a way to deploy this type of security today without a
huge investment in resources."

According to Barney, the open sourcing of AppArmor gives the community an
easier-to-use alternative to SELinux and provides application developers a
set of tools for implementing application security.

It also means that
Novell can integrate the AppArmor Linux application security framework
across its entire Linux product line.

There will be no functional differences between the AppArmor code
currently shipping from Novell and the code that is now open sourced. Barney
explained that the code released under Novell Forge and integrated into
openSUSE represents two branches of development.

One of them is a stable
codebase integrated into openSUSE that will provide the base AppArmor
software for inclusion in SUSE Linux Enterprise Server. The other is a
development branch with a more forward-looking code base that will include
development efforts that are not yet integrated into Novell products.